Lightweight DDoS Attack Detection Using Bayesian Space-Time Correlation
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10937175/ |
| Summary: | DDoS attacks are still one of the primary sources of problems on the Internet and continue to cause significant financial losses for organizations. To mitigate their impact, detection should preferably occur close to the attack origin, e.g., at home routers or edge servers. However, relying on packet inspection may bring serious privacy and scalability issues. We propose a lightweight system for DDoS detection that solely employs byte and packet counts from off-the-shelf home routers. To detect attacks with such a limited amount of information, our key insight consists in defining two detection layers: 1) an ML classifier trained with data from real home users and malware; and 2) a Bayesian hierarchical model that exploits the synchronized nature of DDoS attacks by correlating alarms from multiple homes to check the approach in the wild. We collect data on DDoS attacks by generating real attack traffic from the homes of a selected group of volunteers, utilizing authentic malware source code. In that experiment, conducted using the residences of volunteers and over one month, our system detected 99.1% of all DDoS attacks launched, with no false alarms. |
|---|---|
| ISSN: | 2169-3536 |